spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
104.21.45.199 301 Moved Permanently 193 B URL HTTP/1.1 spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
IP 104.21.45.199:0
File type ASCII text, with no line terminators
Hash 99d1699bce325944e16a3f2b49d7b144
d3fd152b67e85b5e679b7232089cd4b76fddcab4
a2765c2268b537a0466d02929007b8b3a31c6e00b6a14ef303ffef30beec71b9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 22:41:15 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 193
Connection: keep-alive
Location: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
X-Nf-Request-Id: 01GQ6331K44VF3GV8BTR0RWG0X
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xGySCrA7B3atUcVIPwCRwKexNEZLaPlBRVZD0bPIn3gnTA9F0rf5WkNd77AGTmEyq8PLNd1qNPDY33Grpd8EcEKWTxQDqjXAW9ZRNmVjdZ1eLOM9oy4skIjZf6sl9EU4f8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78c313a9d9a51c0a-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16384
Expires: Fri, 20 Jan 2023 03:14:20 GMT
Date: Thu, 19 Jan 2023 22:41:16 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9272
Expires: Fri, 20 Jan 2023 01:15:48 GMT
Date: Thu, 19 Jan 2023 22:41:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 19 Jan 2023 22:34:34 GMT
content-type: application/json
age: 402
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6c8239f3894cfba54d1f3a9ea1c85db5
a70f2b3bf79f2aa26b0cc0340dd182565c3eb946
64dc0508d3fcea1ec92fb60310e9b3f5454c0b69f61e8453fd443bc46ab9471b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64DC0508D3FCEA1EC92FB60310E9B3F5454C0B69F61E8453FD443BC46AB9471B"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19044
Expires: Fri, 20 Jan 2023 03:58:40 GMT
Date: Thu, 19 Jan 2023 22:41:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Tz5jTLKaja2kSQ5T0a5eAvDstTMc1HlzeuxeJCUyT9CGyv02+Ni4VQJ/ps9/PwM6OJuzbGRGbDI=
x-amz-request-id: ASB83Y3CZES649SK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 19 Jan 2023 22:17:22 GMT
age: 1434
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
IP 142.250.74.131:0
Hash 2868fd94635bb7e6fbed560a9f4cf2d8
6e8ba9f32340411084f8ff5ee4d277ed10f2d40b
697d3ad9a25826f78ff4dd9cd9fa763535a904dd3f939f91c6b3615427d3c193
POST /s/gts1p5/_RGHbMLcXs4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 22:41:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
IP 142.250.74.131:0
Hash 2868fd94635bb7e6fbed560a9f4cf2d8
6e8ba9f32340411084f8ff5ee4d277ed10f2d40b
697d3ad9a25826f78ff4dd9cd9fa763535a904dd3f939f91c6b3615427d3c193
POST /s/gts1p5/_RGHbMLcXs4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 22:41:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
spinwee1.online/root/spinwhel-dollar-update1/img/2.jpg
104.21.45.199 200 OK 8.1 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/2.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash d3a748efcc12b64924280109f7b42c99
733dca7bef4f1f344b9bd0176ed9f8e6b38111e9
0f6c00936fa720c5c4b4bd5b410badd270114ba65d06ad148b550617a296ab17
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/2.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 8149
cache-control: public, max-age=14400, must-revalidate
etag: "192591960bd52039aaec63c9d453a3a2-ssl"
x-nf-request-id: 01GQ63327BKZV8Z5J70K2W2Q03
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=albUE1RJNOGd01ZEjP353RsWORoAJH970vxLedvUI4rJT9GWV6UGKL6mDrVsqjL351WWlGX7pe6HZwMHlgmNoeFzXRC0MbX9r6surjEGZT2bhOuxqRZ3mZtlfSAvrWjUhSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adeec4b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
104.21.45.199 200 OK 9.3 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
IP 104.21.45.199:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (2177)
Hash 7b69a3a0e27f88b828bf30189d7062d1
aea01f2d1688fcbb0e487b85838741f54d95fedf
a3f24018c2d92171d4a28cd465f7f66ae37ea9765e0afaf0a45cab97c9d7aa04
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: text/html; charset=UTF-8
age: 114743
cache-control: public, max-age=0, must-revalidate
vary: Accept-Encoding
x-nf-request-id: 01GQ6331ZS06DQSR3FT6ZD4WPH
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHEiIKGlYdeYmAysgnxGlO6bzRN9gU4B7S0VIyroQ1OsX2Dnxi0CF0pvU8UTOYtfN%2BxvcFkC7Ew%2BoAwDC%2BKGaoZx4ZtMxiD2gnYtaBkfN9PUYKara9lTb787BmePDAnI0OQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313ac5cfeb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/refresh.png
104.21.45.199 200 OK 1.8 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/refresh.png
IP 104.21.45.199:0
File type PNG image data, 70 x 70, 8-bit colormap, non-interlaced\012- data
Hash 2d0f4539e28850747bcdf03e8c9a9f10
c400935fad4c29d04714cf5b9e74fb4d4d8f1e1d
c04fa254d43e1b6db555962ac2dbc6cd67d47aff3c1d7895a229cdaca87a688e
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/refresh.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/png
content-length: 1798
cache-control: public, max-age=14400, must-revalidate
etag: "a8f2cf0e5f0e85d12faa27e61c1d49a3-ssl"
x-nf-request-id: 01GQ63327K697ZK07J5RH4GQJV
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VI8NxrroH2X8vi0gpiuvistEUwBEFXcf7Bqkf2ucbIEHy52iQiUso0Ih19FDrahW%2Bi%2FYXASrDgWUyTDh9ooKAu23TGvt9QYj1DI0hpwF34fbKX3%2BY%2BxthQqZ2wr0daGG61Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adfee2b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/smiley.png
104.21.45.199 200 OK 5.0 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/smiley.png
IP 104.21.45.199:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 6a1b1fb2c9a70e8bb232985a5e7c76f2
a371f8e561576cb893e897f1e156597d3abbd0be
68c86e51e47a972e3191621e48685c0d9d1e166235cd816dc74370bc439567fc
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/smiley.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/png
content-length: 4992
cache-control: public, max-age=14400, must-revalidate
etag: "a770a97f2ef0e3b3edd238062c9e3313-ssl"
x-nf-request-id: 01GQ63327QQVWCT2KVWACZQFR9
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WpjThRJqTTTKfG%2FMywgGqyRRl9S12Y08ngYwyEUputFD9fzXzehLQc8FFGonNW3fsfVGEqI1qLg4%2BL4FU2g9%2BOvPqBUT0U2NQsGdMf4riSNiZ7QyGKPwZK9Y4DhPLK6zZMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adfedab4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/1.jpg
104.21.45.199 200 OK 18 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/1.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling hispanic or middle eastern young man looking at the camera\377\333], baseline, precision 8, 360x360, components 3\012- data
Hash 8d4757a7ca89741ae1ef279ac277739b
e3134530778bbf711de60829f9ee270ae3309d4b
e0b4b9068a7fe672f712bb1a39080e06604c506465394214cfde2382ba52f047
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/1.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 18232
cache-control: public, max-age=14400, must-revalidate
etag: "0fdf1d98ca06e6a3b06349fd9985af77-ssl"
x-nf-request-id: 01GQ633278MV5Z9SGT6WM7WR6D
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FU2osr%2FwyvS3f%2FXtAdLAIh%2BtUTzyTBjduP8WE%2FhqofMUS%2By9pZf%2FQdON%2BPknZFhAaVxqJJsPpKqZ1AmutsoLeIfHskKiEtVz%2BkkF6W6ET6osxZzeOF9UCc7Qxr9nBFxJiQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adeec3b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/3.jpg
104.21.45.199 200 OK 15 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/3.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling young man looking at the camera with his arms crossed\377\333], baseline, precision 8, 360x360, components 3\012- data
Hash 56612da382cd894c3d9a7066200c8987
b50307ef6d081ab84e04f3077551ef52bc677bf8
235ac72915d61b0433f01ae12e6a2a0dd5a676b0e85fdeeb67f6a5b2ea9bb63d
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/3.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 14686
cache-control: public, max-age=14400, must-revalidate
etag: "a84fd5388db24f436ebb6879d0e97503-ssl"
x-nf-request-id: 01GQ63327DNRJ142HF6DNWPYPK
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QytD4OJlcvEil38EpCnLgyS%2F%2F%2Flfms%2F4%2B0fGU%2FXzOeI%2BdwT0Ii5o0M%2Far1WVvUH%2BNBuC%2FPc6UMibS1yNBcjBaqfAoLPU%2BviyrTyi0G8b0%2B6jLPDDfGMtWrOnsPRlhjUltI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adeec8b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/4.jpg
104.21.45.199 200 OK 21 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/4.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 400x400, components 3\012- data
Hash 5c6bd23de24730e4b4b37730dd74aef8
6ad9ac3a16e2cd8521eeb8d918f0ceb383fb1f90
2fa0af8cb1cffe84b9fadb389a4750f9fe8a5a1ff0a3bce12ec329d4c5e9bcd8
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/4.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 21109
cache-control: public, max-age=14400, must-revalidate
etag: "143c69aaf1e8ba0aabf3dd9ec1d9e445-ssl"
x-nf-request-id: 01GQ63327G14R2M6RG4PMN0TGS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1GsfiefHlcbRhzXumRHoA3p4np774kS7pbJalqdjB5EkGkQSB1pxlZVxLgsUoOgRibKtBBUj6IamyJzCZ2wnK35fdb4qWSBYgx64NjeEjj%2FvfEl2Tb%2FcMUYs%2FsTwKEkNO0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adeec6b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/7.jpg
104.21.45.199 200 OK 26 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/7.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 480x400, components 3\012- data
Hash 22cb80edd617362c5465bc2e8f8871d0
aa39c3c8c4dfb74089b63abef0e33e74e8fe5210
eaa4bd9a29ee64b0d8e79df7304706004eb6be85fc417f7ffaa0cc7eb6541635
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/7.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 26430
cache-control: public, max-age=14400, must-revalidate
etag: "5f713f6c2173d1bb8ea9cf3786e18e19-ssl"
x-nf-request-id: 01GQ63327PWWBES0GMP4S6MSWM
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2Fto7%2FYyGrawq606Pc%2FIjrmrc26uMHLIaixZWkOYvTAC38y6177Y4X0k5C1MxIx5FnQvAjp10OHb8n9SL6pFkd0c93Sx0kjehO7e5w%2FgxCTBofS6ygL30pto3jbAjlwqH38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adfed9b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/6.jpg
104.21.45.199 200 OK 21 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/6.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=happy refuuge at camp\377\333], baseline, precision 8, 408x408, components 3\012- data
Hash ccddf6a16d3fcc1c7ba4acef48fdef50
de01377d44746d8e92c46e1a64788b5df04340d4
a6fc77c7cb826f01f0aa8c3182b8b0006125f0d5fbec3ceff93b004d14e17d01
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/6.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 20826
cache-control: public, max-age=14400, must-revalidate
etag: "d9f71630def6a1050f1f740068adb403-ssl"
x-nf-request-id: 01GQ63327SQ5DW9JZQG7198QEZ
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2FwN6tl%2FcFzegz8PrWx2jGB%2BptbsVCDiV2m2Ri4YU6RuglKZRTyvP1Cfs%2FBrRfkqpI7hh5Moiy1BjuyTwQymIZwo1uLGvw46W0y8asRMjxwxzoOcsDHikYN3jXkpOkT8IAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adfed6b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/5.jpg
104.21.45.199 200 OK 48 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/5.jpg
IP 104.21.45.199:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, copyright=Shannon Selim], baseline, precision 8, 640x640, components 3\012- data
Hash 6b4d6ee00c74e83d9951c81d58ce9295
9594243fe36fb66f7f0cf659cd279be1cf1cc864
49950c2963d8d425b48440d5663c436b5cd6a4ee550f57912120d530c96032d2
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/5.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/jpeg
content-length: 48500
cache-control: public, max-age=14400, must-revalidate
etag: "b7af897904fb4d58f4a27936259bb793-ssl"
x-nf-request-id: 01GQ63326BAF39ANVZZ3FBZ6M9
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lBRGdDvSZ3eUI76HLevACpBrs1C5nXB6IrCb8IByVrRoiRn%2B9gFgOYYJvs8CcYRZfWhYwKnQB4CRjqqv2vxqCjgrAcKiTlrhqC9AuGEfxVWaimc71WcBlxh0wX7X5NoVHQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313adeecdb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/cash.png
104.21.45.199 200 OK 209 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/cash.png
IP 104.21.45.199:0
File type PNG image data, 583 x 428, 8-bit/color RGBA, non-interlaced\012- data
Size 209 kB (208563 bytes)
Hash fb2fb3ad3e6b2bd995282c94913e5511
626101ecc636398a7f5b02991ab8fecfc5ec50bf
ae6b385c0f9ad0ad8d24b508f0fbe1304f00e3401b84f4eb842c1618e975915f
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/cash.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/png
content-length: 208563
cache-control: public, max-age=14400, must-revalidate
etag: "e6c7d366254d797918519c0942294681-ssl"
x-nf-request-id: 01GQ63327MM5J42228PWTER9GZ
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byRyRIUYtKxTa7fqsc5%2F0P%2BGFgeBzPBKWGfYTLDCWY4csqMXePttfjfVQNDkHxJ46aVoIv%2FiRVTtnO08pi6155PGJrqmxiEAG4acF7wmO36X0ayERMeSpzIxEf33XCbt%2BYk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313addeb7b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/spin_vi.png
104.21.45.199 200 OK 144 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/spin_vi.png
IP 104.21.45.199:0
File type PNG image data, 501 x 501, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (143539 bytes)
Hash b2e0dc76b605aceefed434898101c106
6f6884c31fc48831f5c86e78e172580a21de32d5
feffd2a69fa72042957b2bd5da3619cb1de3b20347d2cdd1b434a8835ac6fdd9
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/img/spin_vi.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: image/png
content-length: 143539
cache-control: public, max-age=14400, must-revalidate
etag: "6abb8baa204b238e829a09b2a6e423b7-ssl"
x-nf-request-id: 01GQ63327X16BCRWKHDX9WN17Y
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhkEgMlIWvy9DU3XbAwQG4Xmv5HQiVC%2B%2FpyMrcZrcpIB1R%2FIAnuFj4RsXBhz3Y4QFuN%2BN9Turp8Qqquxm31Kj7UBL2RGThwwifPmyCvGT3L10RwRmtGcJn8hTjdtkfRxZhg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78c313addeb5b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9160c87091e288f4b0bc3f9966c336a7
07f56a614b01326ca4e1ee1127d2753b54cc7b5f
503cf078a5a61dbed3cf372186556ddf79df53867630a88bdfcf74e2d9a147e1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "503CF078A5A61DBED3CF372186556DDF79DF53867630A88BDFCF74E2D9A147E1"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Fri, 20 Jan 2023 04:40:27 GMT
Date: Thu, 19 Jan 2023 22:41:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 19 Jan 2023 22:17:27 GMT
age: 1429
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dce4a8be753d4a93db03ffca50421c43
068040a8f69777484e545c0053ad54f273710797
7e6dddef8a4a5502c9715f8c20dcb75e132ecc875f13459a967c9e235e9ce3e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3397
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 22:41:17 GMT
Last-Modified: Thu, 19 Jan 2023 21:44:40 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.203.48.107 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.203.48.107:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1vFKPjH0uszbTLyxcjnAWg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pzMWhhCkiTipMW+u/PrgTEC2i0M=
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3893
Expires: Thu, 19 Jan 2023 23:46:11 GMT
Date: Thu, 19 Jan 2023 22:41:18 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3893
Expires: Thu, 19 Jan 2023 23:46:11 GMT
Date: Thu, 19 Jan 2023 22:41:18 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3893
Expires: Thu, 19 Jan 2023 23:46:11 GMT
Date: Thu, 19 Jan 2023 22:41:18 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7db9f11a1c6ab0117ed3dd1d36e3aecc
61a4de77803ce4ad730c21dd88b5b55a196f26d6
b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3893
Expires: Thu, 19 Jan 2023 23:46:11 GMT
Date: Thu, 19 Jan 2023 22:41:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9369b744-9dfc-4ac2-9ce0-a77f2ec05285.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9369b744-9dfc-4ac2-9ce0-a77f2ec05285.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7cea3a2fd9e8c981ece73b75feccf858
37d407635bcb25d297429c10c3e33d58cc82e178
32063a5a3d74bc88752b89b7cd3387169e71e81d97ec0c2041c53c03c60f62a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9369b744-9dfc-4ac2-9ce0-a77f2ec05285.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8230
x-amzn-requestid: 6ab1dccd-6dc5-485a-af2d-ac53f13c78bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRvGMJIAMFkdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73e-586593f974e499e94995c289;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LvLtJnSXSnrBdTUWvpvsX6Vu33POniybQnepJx06DqWLk2KwnC52AQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:01:14 GMT
age: 2404
etag: "37d407635bcb25d297429c10c3e33d58cc82e178"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F698f24eb-f312-4a20-b261-be41dd92564c.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F698f24eb-f312-4a20-b261-be41dd92564c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffb6957f05eb26875b60b795a1a0e818
44c2febdf59c4f08401e7c3edd0837dd4b1a8886
0fdb841fbf2f336f58cc4b63d271c8cdd3fba345de4c774651826ea24e3628b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F698f24eb-f312-4a20-b261-be41dd92564c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6399
x-amzn-requestid: e4b80b20-8aad-47aa-9059-7f7729f901bf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7UZ1ExQoAMFXKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79aa5-66622b6c3e8fd210011618c5;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:07:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: vft6w7_C0wITMZHJIKtgk1N4jnzneplWHUZhPz_JyHmSI9kcEMK-SA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 07:25:58 GMT
age: 54920
etag: "44c2febdf59c4f08401e7c3edd0837dd4b1a8886"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a97cab18b1edfc6020ede86813e24b16
61f5d22d3697f56e862fa18b21ba971a8fafc856
adc06b60d43a1074da12325a4fb27365773ea08db9d51b1e0756b2b2a05a6400
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6385
x-amzn-requestid: 09416be4-aaa4-4f3b-b92e-3063e89c5bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmxZHpeoAMFlxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b808-3042764028f39b352c239328;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DbkhEhVNfkCoNSLLwlyIPT1-gjFurxzlZlH5SL4TkRtsddLixZ5ZZQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 21:47:10 GMT
age: 3248
etag: "61f5d22d3697f56e862fa18b21ba971a8fafc856"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51d12cb7-b021-47eb-a0b0-ff949f96b6de.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51d12cb7-b021-47eb-a0b0-ff949f96b6de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86ca07c03adbaa31374225110924b188
b1bd67630aea727a624f00b8cfd660d3b0848de1
471e3db64c9a6ec7ae4a76ea1a0835bd90dc55b389e3fe2f90c18c4dd2dbec27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51d12cb7-b021-47eb-a0b0-ff949f96b6de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10359
x-amzn-requestid: 4d5dedb2-c1a3-4433-a754-28e16385d9fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmw1EbzoAMFqww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b805-1520bf0a4fa4717e786a666f;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:37:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3h-LbrkCb1JFLLy-KKOJCf3MqVFXjgJDOf_EqMwxEsb6_a5O7j9vrw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:01:54 GMT
etag: "b1bd67630aea727a624f00b8cfd660d3b0848de1"
content-type: image/jpeg
age: 2364
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69ec4951-e455-45b6-b3db-95b5ac8a4e52.webp
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69ec4951-e455-45b6-b3db-95b5ac8a4e52.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 268917e31bd0a91c3eb034ab2f418fa2
f55a434f6cd25183862105ac4a37fa42808624ea
636932b142ba88141285ab52b8374984adafdc16051d150e9ee7723e7433c70d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69ec4951-e455-45b6-b3db-95b5ac8a4e52.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7864
x-amzn-requestid: b50528d7-6bb6-45c9-bc9c-1ce6a7755b27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmNMEZjoAMF1lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b721-398dbc4a60ff6a0a69f29147;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PSCy7qVBFY-oOC8Lb6A3j9g7ejIe0D4g6vgp83CyBYRdtyk9YQalVw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:16 GMT
etag: "f55a434f6cd25183862105ac4a37fa42808624ea"
content-type: image/jpeg
age: 2222
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b68e9e4-1990-4061-af46-b82abe4506ac.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b68e9e4-1990-4061-af46-b82abe4506ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94079233f2d67e98580bfd64b2894ae4
89961b28d9aee3e387e4aaa57275c5dca1dca8f2
8161291ac6d3bd7f025a6d7528130576ddd4fac33c41a7b914a6b5b0ad139c28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b68e9e4-1990-4061-af46-b82abe4506ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9774
x-amzn-requestid: 8a16e99c-052a-4f25-8832-f7e04606e581
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAogLHHvIAMFr-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9bacd-10b727ae4904494371326a16;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:49:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xvgnwnHWo3YW8tYseOKI_Af1GZnLEuwIiapYgscmXKcjYiqkpbN6zQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:16 GMT
etag: "89961b28d9aee3e387e4aaa57275c5dca1dca8f2"
content-type: image/jpeg
age: 2222
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/css/style_a.css
104.21.45.199 200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/css/style_a.css
IP 104.21.45.199:0
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/css/style_a.css HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"1473adf58d9bbec22e785727559b8c51-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQ633273E7ZHZP8DS3NTMZ5B
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLmEq59mB2cPrO6z71COBblr2D35KsRWZa1UeHMX68cwzuWVn%2BHn7ueyEYD%2BpPKYfINdWGW3mHg79b%2BD%2B%2FbonK9A24FJlCirDVURQzHTXxd5VeSmpGGrgJdlk3GzSz21BLc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313addeb3b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/css/style__base.css
104.21.45.199 200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/css/style__base.css
IP 104.21.45.199:0
Analyzer Verdict Alert quad9 Sinkholed
GET /root/spinwhel-dollar-update1/css/style__base.css HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"48cda9d2e1e4882f881c36734d6c0dbf-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01GQ63327545CX46Z0172QGT89
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJ2NFXpNNtZZim0LK6UZ3sG%2FFSNtr44QjkqiJe484YisZR%2BrZM27%2FZ6OwP3IOBVwvHGMpyu3uEEYATmW76Q6JF1O7tBm1%2Fd51Xp2ympC0g8cllbijxupeQAooFfF5pji1ig%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313addeb1b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/js/en_date.js
104.21.45.199 200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/js/en_date.js
IP 104.21.45.199:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /root/spinwhel-dollar-update1/js/en_date.js HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"3ffc4d8daf8a0279c657879a371a6eff-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQ6332789APM3JYZ1Z91FNNC
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDoZ2JW9MP7EsfLDbXQkfs8qyP36DAe36Kci3je%2FQqZyjYu58R5dTSPe%2FgL4xesdWvAp5sjw312rv2zwENiS6Ql6XJDIVYD1QcH0RBn2rivKThD%2FcmuEj5InqDSRgSdn3Qg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313addeafb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/js/jquery.min.js
104.21.45.199 200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/js/jquery.min.js
IP 104.21.45.199:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /root/spinwhel-dollar-update1/js/jquery.min.js HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"ddbc6702bc953f6dedfe3543150cf865-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01GQ63327YTJS6XX0HH5R6MM1X
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJXhHcvemP%2BxIKWN9K7X4ZEgd%2Btp1Don98E6qQfZyuOWPkqPfLi7CaeNFZB8zb55PKDtwB7vnNj1UiqPapnDxo3kVjthFYhguE0HXdGkhzWcO6BAWiHSmj%2Fkv9fHww8zSiQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313adfee7b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ahaurgoo.net/pfe/current/micro.tag.min.js?z=5657473&sw=/sw-check-permissions-552cb.js
139.45.197.251 200 OK 0 B URL HTTP/2 ahaurgoo.net/pfe/current/micro.tag.min.js?z=5657473&sw=/sw-check-permissions-552cb.js
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=5657473&sw=/sw-check-permissions-552cb.js HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-9a87"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/js/bioep.min.js
104.21.45.199 200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/js/bioep.min.js
IP 104.21.45.199:0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /root/spinwhel-dollar-update1/js/bioep.min.js HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=eb6147fe-25ee-475f-98b9-c8162a79765e..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0..r=rezuke.gooredirect.xyz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"16322b53a3ea039d744dc303d398d1dd-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQ63327BYTVY6Z93D40MHSWG
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=51KXiUR5%2BksZ9RpFVku%2FNBOVIv6ND2%2F3YcMLyHih5%2FrgntiuZQPiDhEfyofR%2BrgR03uq7EOkzxbggtBPPVl6bJ7OvPoRLfbL6uS7GmAF%2B9tJeHuiQY5CgcaBm%2FgAQjbTK34%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313addeb4b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
backunder.com/script.js
188.114.96.1 200 OK 0 B IP 188.114.96.1:0
GET /script.js HTTP/1.1
Host: backunder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 19 Jan 2023 22:41:16 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1048
etag: W/"418-5efe232c61c0f-gzip"
last-modified: Thu, 15 Dec 2022 18:41:17 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQOW17%2BFB%2Ft9zXXtNqHcrpQjoeHI%2BXxjevdtdrPt0q133eHCtz2DX%2FTBhEFfBG5AwnW5vXX6ES7ye9EimttBliVmnUfw%2FOizqmb4VWfrqynnrL9tezR8OHaGDYF7oi%2B9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78c313ae3a73b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2